CBOR Web Token (CWT) Claims

Created: 2018-03-22
Last Updated: 2023-04-28
Available Formats: XML
HTML
Plain text

Registries included below

CBOR Web Token (CWT) Claims
CWT Confirmation Methods

CBOR Web Token (CWT) Claims

Expert(s)

Mike Jones, Hannes Tschofenig, Ludwig Seitz

Reference

[RFC8392]

Note

Registration requests should be sent to the mailing list described in 
[RFC8392]. If approved, designated experts should notify IANA within 
three weeks. For assistance, please contact iana@iana.org.

Available Formats

CSV

Range	Registration Procedures
Integer values from -256 to 255	Standards Action
Integer values from -65536 to -257	Specification Required
Integer values from 256 to 65535	Specification Required
Integer values greater than 65535	Expert Review
Strings of length 1	Standards Action
Strings of length 2	Specification Required
Strings of length greater than 2	Expert Review

Claim Name	Claim Description	JWT Claim Name	Claim Key	Claim Value Type	Change Controller	Reference
Reserved for Private Use			less than -65536			[RFC8392]
Unassigned			-65536 to -261
hcert	Health Certificate	hcert	-260	map	[European_eHealth_Network]	[Electronic Health Certificate Specification]
EUPHNonce	Challenge Nonce	EUPHNonce	-259	bstr	[FIDO_Alliance]	[FIDO Device Onboard Specification]
EATMAROEPrefix	Signing prefix for multi-app restricted operating environments	EATMAROEPrefix	-258	bstr	[FIDO_Alliance]	[FIDO Device Onboard Specification]
EAT-FDO	EAT-FDO may contain related to FIDO Device Onboarding	EAT-FDO	-257	array	[FIDO_Alliance]	[FIDO Device Onboard Specification]
Unassigned			-256 to -1
Reserved	This registration reserves the key value 0		0		[IESG]	[RFC8392]
iss	Issuer	iss	1	text string	[IESG]	[RFC8392]
sub	Subject	sub	2	text string	[IESG]	[RFC8392]
aud	Audience	aud	3	text string	[IESG]	[RFC8392]
exp	Expiration Time	exp	4	integer or floating-point number	[IESG]	[RFC8392]
nbf	Not Before	nbf	5	integer or floating-point number	[IESG]	[RFC8392]
iat	Issued At	iat	6	integer or floating-point number	[IESG]	[RFC8392]
cti	CWT ID	jti	7	byte string	[IESG]	[RFC8392]
cnf	Confirmation	cnf	8	map	[IESG]	[RFC8747]
scope	The scope of an access token, as defined in [RFC6749].	scope	9	byte string or text string	[IESG]	[RFC8693, Section 4.2]
Nonce	Nonce (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	nonce	10	byte string	[IESG]	[OpenID Connect Core 1.0][draft-ietf-rats-eat-12]
Unassigned			11 to 37
ace_profile	The ACE profile a token is supposed to be used with.	ace_profile	38	integer	[IETF]	[RFC9200, Section 5.10]
cnonce	The client-nonce sent to the AS by the RS via the client.	cnonce	39	byte string	[IETF]	[RFC9200, Section 5.10]
exi	The expiration time of a token measured from when it was received at the RS in seconds.	exi	40	unsigned integer	[IETF]	[RFC9200, Section 5.10.3]
Unassigned			41 to 255
UEID	The Universal Entity ID (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	ueid	256	byte string	[IESG]	[draft-ietf-rats-eat-12]
SUEIDs	Semi-permanent UEIDs (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	sueids	257	map	[IESG]	[draft-ietf-rats-eat-12]
Hardware OEMID	Hardware OEM ID (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	oemid	258	byte string or integer	[IESG]	[draft-ietf-rats-eat-12]
Hardware Model	Model identifier for hardware (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	hwmodel	259	byte string	[IESG]	[draft-ietf-rats-eat-12]
Hardware Version	Hardware Version Identifier (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	hwversion	260	array	[IESG]	[draft-ietf-rats-eat-12]
Unassigned			261
Secure Boot	Indicate whether the boot was secure (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	secboot	262	Boolean	[IESG]	[draft-ietf-rats-eat-12]
Debug Status	Indicate status of debug facilities (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	dbgstat	263	integer	[IESG]	[draft-ietf-rats-eat-12]
Location	The geographic location (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	location	264	map	[IESG]	[draft-ietf-rats-eat-12]
Profile	Indicates the EAT profile followed (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	eat_profile	265	URI or OID	[IESG]	[draft-ietf-rats-eat-12]
Submodules Section	The section containing submodules (TEMPORARY - registered 2022-03-23, extension registered 2023-02-13, expires 2024-03-23)	submods	266	map	[IESG]	[draft-ietf-rats-eat-12]
Unassigned			267 to 299
wmver (PROVISIONAL)	The version of the WM Token	wmver	300	unsigned integer	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmvnd (PROVISIONAL)	The WM technology vendor	wmvnd	301	unsigned integer	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmpatlen (PROVISIONAL)	The length in bits of the WM pattern	wmpatlen	302	unsigned integer	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmsegduration (PROVISIONAL)	The nominal duration of a segment	wmsegduration	303	map	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmpattern (PROVISIONAL)	The WM pattern	wmpattern	304	COSE_Encrypt0 or byte string	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmid (PROVISIONAL)	Used as input to derive the WM pattern for indirect mode	wmid	305	text string	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmopid (PROVISIONAL)	Used as additional input to derive the WM pattern for indirect mode	wmopid	306	unsigned integer	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
wmkeyver (PROVISIONAL)	The key to use for derivation of the WM pattern in indirect mode	wmkeyver	307	unsigned integer	[DASH-IF]	[DASH-IF IOP WAT, Section 5.4]
Unassigned			308 to 2393
psa-client-id	PSA Client ID	N/A	2394	signed integer	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
psa-security-lifecycle	PSA Security Lifecycle	N/A	2395	unsigned integer	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
psa-implementation-id	PSA Implementation ID	N/A	2396	byte string	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
psa-boot-seed	PSA Boot Seed	N/A	2397	byte string	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
psa-certification-reference	PSA Certification Reference	N/A	2398	text string	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
psa-software-components	PSA Software Components	N/A	2399	array	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
psa-verification-service-indicator	PSA Verification Service Indicator	N/A	2400	text string	[Hannes_Tschofenig]	[draft-tschofenig-rats-psa-token-09]
Unassigned			2401 to 65535

CWT Confirmation Methods

Registration Procedure(s)

Specification Required

Expert(s)

Ludwig Seitz, Mike Jones

Reference

[RFC8747]

Note

Registration requests should be sent to the mailing list described in 
[RFC8747]. If approved, designated experts should notify IANA within 
three weeks. For assistance, please contact iana@iana.org.

Available Formats

CSV

Confirmation Method Name	Confirmation Method Description	JWT Confirmation Method Name	Confirmation Key	Confirmation Value Type	Change Controller	Reference
COSE_Key	COSE_Key Representing Public Key	jwk	1	COSE_Key structure	[IESG]	[RFC8747, Section 3.2]
Encrypted_COSE_Key	Encrypted COSE_Key	jwe	2	COSE_Encrypt or COSE_Encrypt0 structure (with an optional corresponding COSE_Encrypt or COSE_Encrypt0 tag)	[IESG]	[RFC8747, Section 3.3]
kid	Key Identifier	kid	3	binary string	[IESG]	[RFC8747, Section 3.4]
osc	OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation	osc	4	map	[IETF]	[RFC9203, Section 3.2.1]

Contact Information

ID	Name	Contact URI	Last Updated
[DASH-IF]	DASH Industry Forum	https://dashif.org	2023-03-01
[European_eHealth_Network]	European eHealth Network	mailto:jakob&kirei.se	2021-04-15
[FIDO_Alliance]	FIDO Alliance	mailto:iana-request&fidoalliance.org	2021-03-05
[Hannes_Tschofenig]	Hannes Tschofenig	mailto:hannes.tschofenig&arm.com	2022-07-27
[IESG]	IESG	mailto:iesg&ietf.org	2018-05-04
[IETF]	IETF	mailto:iesg&ietf.org